The Department of Defense is consuming more and more chips and lines of code, which translates to more supply-chain vulnerability. Officials and industry leaders argue big data and artificial intelligence will be critical tools to manage that risk going forward.

Speaking at an Intelligence and National Security Alliance and Defense One event, panelists described a rapidly expanding network of suppliers for weapons and components. For example, Northrop Grumman alone has some 5,000 suppliers in just one sector of its business.

The Promoting Good Cyber Hygiene Act, introduced by Hatch and Sen. Ed Markey (D-Mass.), would direct the National Institute of Standards and Technology to establish a set of baseline voluntary best practices for safeguarding against cyber intrusions that would be updated annually.

The legislation would also direct the Department of Homeland Security to study cybersecurity threats to internet-connected devices, commonly known as the “Internet of Things.”

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. Here’s what every company that does business in Europe needs to know about GDPR.

Companies that do business in European Union countries will need to comply with strict new rules around protecting customer data within the next year. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

The National Institute of Standards and Technology (NIST) should remain a neutral broker in developing standards to support public and private sector cyber security efforts and should not take on the role of an auditor to ensure federal agencies are complying with an existing cyber-risk management framework as called for in proposed congressional legislation, the former chief information security officer (CISO) of the United States told a House panel last week.

A lack of standards-based technical security testing is putting industrial control environments and critical national infrastructure at risk of cyber attack, a report reveals.

Improvements are necessary to avoid breaches that could affect critical national infrastructure (CNI), concludes the Crest report, which says there is strong evidence that CNI is a target not only of adversarial states, but also of determined and skilled criminal attackers.